TOP 10 must-ask questions when choosing an anti-fraud system

Aleksander Kijek, Head of ProductOct 19 2017

Finding the right anti-fraud system for your business is an important and demanding task. The decision made will impact your company to a great extent as the solution will noticeably affect its financial condition and operational capabilities: chargeback rate, conversion rate, revenue, shopping experience, reputation, and so on. With a variety of anti-fraud solutions available on the market, it is quite a challenge to choose the one to fit your unique business. To make this task easier for you, we have prepared a list of top ten questions about the anti-fraud systems’ features that you should ask vendors during the procurement process.

Nethone TOP 10 Questions

TL;DR?

For those of you who don’t have time right now to read the whole article, we have prepared a ready-to-use list of discussed questions with Nethone’s teams commentary.

# Question Nethone’s team recommendation
1 Does the system rely on predefined rules or does it learn over time? Choose a solution that is Machine Learning based over the one using static rules.
2 Will the company’s business logic be embedded into the anti-fraud solution, providing an exact fit to its needs, or does the vendor represent the one-size-fits-all approach? Implement a mixed approach with a customized solution at the end.
3 Can the company’s internal and external data sources be used to enrich the gathered transactional data? As effective spotting of fraud attempt requires nowadays more data than ever before, the solution that allows to incorporate data from various sources will be the best choice for your business.
4 Does the system provide a comprehensive profiler to gather additional information to power the decision-making process? A proprietary comprehensive profiler embedded in the anti-fraud system is a must, if you want to effectively fight fraud.
5 Does the vendor deploy multiple methods to detect deviations in browsers, devices, and operating systems? Look for systems that use device fingerprinting and other methods to prevent technical manipulations of website browsers’ mechanisms, hardware configurations etc.
6 Does the solution prevent as well as detect fraud? The best solution is the one that not only detects fraud attempt but also automatically prevents it. Choose Machine Learning based solutions over s they are more accurate for this task.
7 Can the solution compliment your company’s existing tools? Seek for a solution that can integrate to your existing tools to draw information about other aspects of your business. That will bring additional insights into your analysis.
8 Does the vendor employ top class Machine Learning specialists or do they use third parties? Having a team of experts in Machine Learning on board is strongly advisable for every vendor of ML based anti-fraud system.
9 Does the system provide feedback and analysis for each recommendation or simply a recommendation? The system should provide your fraud/risk managers and analysts with an exhaustive report on details about the transaction, the customer and reasons why the transaction was found suspicious.
10 Does the vendor research and deploy detection of the latest fraud tools? There should be a team of employees assigned on a permanent basis to conduct researches on cybersecurity issues.

Deployment of anti-fraud solutions. The essentials.

Today, anti-fraud solutions are, as a matter of fact, conglomerates of various complementary modules: tools for data collection, device fingerprinting, comprehensive profilers and more. Therefore, they should be offered to online businesses as one-stop-shop solutions easy to integrate with their existing IT infrastructure.

It is worth mentioning that a proper technical deployment of an anti-fraud system does not guarantee success. One should also know what data to collect and how to combine them, what the best predictors of fraud in the case of a particular company are, how to enrich their own databases with external ones etc. It is essential for every vendor to advise and help their clients in the area as these decisions will impact the project’s final results.

Let’s take a look at the top 10 questions, that in my opinion are paramount and should be asked when choosing an anti-fraud system for any business.

Question 1. Does the system rely on predefined rules or does it learn over time?

One of the most common approaches to fraud detection and prevention is based on predefined rules. Those are very easy to understand. Sets of rules determine the actions that should be taken under given circumstances.

Here’s an example:

If transaction value > $1 000 and 3 transactions with 3 different credit cards were made today from the same device ID then block the transaction

These rules are created manually, on the basis of the company’s experience and domain experts’ knowledge. They require systematic monitoring of their performance and manual optimisation.

However, the complexity of the ecommerce world as well as the volume and variety of data that needs to be analysed, makes manual configuration of rules less effective and their optimisation error-prone. In effect, keeping the anti-fraud system under control by a risk team becomes more expensive, time-consuming and may severely hurt your business as it usually leads to many false-positives.

We recommend solutions that are based on Machine Learning (ML). One of the key advantages of using a Machine-Learning-based system is that it removes the manual task of tweaking rules each time, as the system does it automatically. With more processed transactions, ML models are under instantaneous feedback loop with new chargebacks and are constantly retrained to be able to detect new emerging fraudulent patterns.

This technology has already proven to be extremely effective when it comes to fighting fraud.

Question 2. Will the company’s business logic be embedded into the anti-fraud solution, providing an exact fit to its needs, or does the vendor represent the one-size-fits-all approach?

Generally speaking, vendors use three major approaches regarding the deployment of their solutions:

  • Generic. In this case, anti-fraud solutions (incl. Machine Learning models) are created for industries individually (e.g. e-retail, travel, gaming) and are meant to work for any company within the particular sector – regardless of this company’s target groups, products/services offered, geographical market reach etc. Such systems are quick-to-deploy and ready to use in a matter of hours, yet their accuracy leaves much to be desired.
  • Customized. In this case, anti-fraud solutions are adjusted not to a particular industry but to a business case. Machine Learning models are created for each company separately, considering their individual business logic. It means that ML models are based not only on generic industry data but also on data specific for the company, that had already been collected in their databases. For an Online Travel Agency those could be, for instance: services offered, business model adopted, payment method used, interaction with a customer depending on the communication channel, user-flow, the way products are categorized and more. Although it takes a while (up to several weeks) to create and train the models, at the end of the day one receives a tailored anti-fraud system featured by a great accuracy.
  • Mixed. In the third approach, an anti-fraud system is deployed without prior customization, to provide a company with an almost immediate protection against fraud. However, at the same time, dedicated Machine Learning models are built to replace the generic solution within a couple of weeks to increase the effectiveness and accuracy of fraud prevention. This approach is specially advised for companies experiencing heavy fraud attacks – in need of instant help.

 Read also: A Beginner’s Guide to Machine Learning in Payment Fraud Detection & Prevention

Which approach will fit your company?

To answer this question, one needs to first realize that customers behave differently, even within the same vertical, let alone geography. Customers of an e-shop selling toys in Argentina differ significantly from those of a toys e-shop operating in Poland. They use different payment methods, are used to different returns and exchanges policies, browse the website differently, and more.

As there are so many discrepancies, can one solution or a Machine Learning model be equally efficient in detecting and preventing fraud in both cases?

No, it can’t.

Therefore, the solution should be adjusted to the specific needs, requirements and environment of each business it is meant to protect. Our recommendation is to implement a mixed approach with a customized solution at the end.

Question 3. Can the company’s internal and external data sources be used to enrich the gathered transactional data?

To detect fraud attempts, the system, regardless whether it is based on predefined rules or Machine Learning models, needs to gather and constantly monitor data about the transactions carried out by users…

However, fraudsters’ techniques have become more sophisticated due to the available technology, which, in turn, has made spotting online fraud harder than ever before.

Any organisation that wishes to effectively fight fraud, needs to analyse more and more data about its customers. Not only the volume of data is important, but also the variety and diversity of data sources.

Everything, from the frequency of shopping in the given e-store, preferred product categories, up to the specific manner of navigating the website unique for each individual can deliver great, actionable insights that help prevent fraud with ever-increasing accuracy.

Does the system that your company is about to choose, enable gathering and using data from, for instance, your CRM / BI / billing systems, customers social media accounts, website monitoring or geolocation data? The data could include, among others, transactions’ parameters, information about chargebacks (reason code for a chargeback), customer’s location, how they behave while exploring the website, are their Facebook accounts genuine or fake etc.

Well, it should, as all of these pieces of information make your anti-fraud strategy more successful.

Question 4. Does the system provide a comprehensive profiler to gather additional information to power the decision-making process?

Let me start with a short explanation of what a profiler is, if you are not familiar with this term, yet.

Profiler is a tool that allows to collect and combine thousands of data points featuring each single individual interacting with the service: their hardware, software, network environment and behaviour.

It can extract such information as:

  • what parts of the website they are clicking,
  • how much time they spend on the website,
  • how they are using their mouse/touch screen,
  • numerous hardware properties: GPU characteristics, number of processor cores, device ID etc.
  • device type,
  • connection type (Wi-Fi, cellular) based on low level network analysis and/or browser features checks etc.

…as well as…

  • verify whether the claimed browser and operating system are the ones actually used,
  • detect quirks in system configuration,
  • distinct a regular computer from a hacked one and more.

By combining such pieces of information with the company’s internal and external data, one can receive a comprehensive digital profile of each and every user visiting the website.

Profiler is a goldmine of information which, when used properly, allows your ML-based anti-fraud system to make truly accurate predictions and your organisation to stay ahead of fraudsters. Look for vendors who have developed their own profilers instead of using third party solutions.

Question 5. Does the vendor deploy multiple methods to detect deviations in browsers, devices, and operating systems?

Nowadays, fraudsters are using very sophisticated techniques to trick anti-fraud systems. They manipulate web browsers, operating systems and devices. One of the goals of such a deceit is to prevent the system from identification of the specific computer, so the fraudster could use it multiple times to commit crime.

A quality anti-fraud solution should be able to spot such deception by applying various detection methods and techniques, that stem from their experience and technical knowledge about browsers’ mechanisms, hardware configurations and more.

For instance, if someone is logging in from a MacBook Air but the graphics card installed isn’t compatible with this model of computer, it could indicate possible technical deviations. Such a situation requires closer investigation or even additional verification of the user’s identity. However, this scenario is possible only when the provider of the anti-fraud solution is familiar with all graphics card types that are compatible with MacBook Air or has models trained to distinguish standard configurations from non-standard ones. They should also have proper tools to verify what type of card is actually installed on the user’s device.

Question 6. Does the solution prevent as well as detect fraud?

Fraud prevention requires effective fraud detection. You can have a system that analyses historical data, compares various data points and chooses the best predictors of fraud. But you need something more than that. You need a system that will analyse incoming high-volume data from various sources, and predict a fraud attempt before it takes place. And, if necessary, prevent fraud automatically by adding, for instance, an extra level of authentication at the checkout.

Many transactions may share some features typical for fraud attempts, but it does not make them ones.

Sounds familiar?

Yes, I’m talking about false positives. False positives impact business negatively and can be more severe for your company than fraud itself. You are literally preventing numerous customers from buying from you!

Your anti-fraud system must be featured by an outstanding accuracy to meet this challenge. In this case, static rules-based systems are not the best choice. Rules are too simplistic and human behavior is too complicated. Our recommendation is to apply Machine Learning because machines are much more precise in analysing a massive amount of data in real time and therefore more efficiently detect intricacies in customers’ behavior. In result, decreasing the number of false positives.

Question 7. Can the solution compliment your company’s existing tools?

When running a business, you collect and generate a lot of data. It is stored in CRM systems, spreadsheets, BI, operational databases etc., and used for purposes other than fraud detection.

However, this way you are missing a great opportunity to fuel the conducted fraud prevention analysis with more insights about your customers and increase its effectiveness.

Can the anti-fraud systems from your short list incorporate data used for offer recommendation, cross-up selling, churn analysis, credit scoring?

Well…they should.

Furthermore, if you are not collecting that much data on your own, let’s reverse the logic – ask vendors if their solutions are capable of providing insights that you could use for more purposes than just fraud prevention.

Read also: Adopting the New. What Risk Managers Should Know about AI-driven Anti-Fraud Solutions

Question 8. Does the vendor employ top class Machine Learning specialists or do they use third parties?

If you are planning to deploy a Machine-Learning-based anti-fraud solution it is important to ask whether the vendor has a team of highly skilled ML specialists on board.

The role of this team is to, among others, analyse the company’s collected data, find out what characterises fraudulent transactions, assess relevancy of various fraud predictors, select the most relevant analytical method for the company’s business model and build Machine Learning models for predicting whether a particular transaction is a fraud attempt or not.

As you can see, the role of such a team is crucial as it will have a significant impact on your anti-fraud strategy. By outsourcing the project to freelancers and other third parties, the vendor not only exposes your company to higher costs but also can’t assure constant access to the best ML experts with extensive experience in fraud detection. The problem lies also in the data security issues, being transferred outside the company, less control over the quality of service and the project itself.

Question 9. Does the system provide feedback and analysis for each recommendation or simply a recommendation?

Generally speaking, the purpose of an anti-fraud solution is to spot and prevent fraud attempts. Once a threat is detected it can trigger various actions depending on the company’s approach and strategy. The list of possible reactions includes, among others:

  • blocking the transaction,
  • sending it for a manual review (concerns high value transactions),
  • making a phone call to a customer for verification,
  • activating a conditional authentication layer, for example a request to provide the CVV number of the card or a unique PIN code.

Fraud/risk managers and analysts should be provided then with a comprehensive report on details about the transaction and the customer, as well as the reasons why it has been found suspicious. This feedback is important for understanding what exactly had happened and why as well as verifying whether the problem hadn’t been caused by some of the company’s earlier actions.

Recommendation on what action should be taken towards a given transaction alone is not enough. Thus, without proper reports you will be losing a detailed picture of the whole situation and precious information about characteristics of fraud and main reasons of its occurrence in your company.

The evidence of fraudulent activities should not only be comprehensive but also easy to understand. Make sure that the management panel incorporated in the solution that you want to implement is truly intuitive and compliant with the current UX standards.

Question 10. Does the vendor research and deploy detection of the latest fraud tools?

Being up-to-date with the latest industry news, data breach alerts, benchmarks, warnings concerning fraud attacks, new techniques used by fraudsters is one of the priorities for every risk/fraud manager.

The importance of such information is unquestionable. It is used to adjust the fraud prevention strategy to the changing business environment, customize the systems’ parameters to make it more effective, reduce the time of analysis. It also indicates what data points and metrics will be the best predictors of fraud in the future.

Ask vendors whether they employ analysts dedicated to conduct such research.

Aleksander Kijek

Head of Product
Aleksander is a highly-skilled programmer and a Linux enthusiast fascinated by FinTech and Neuroscience. Prior to joining Nethone, he developed his technical and soft skills as a leader of PISAK project (an initiative stimulating the social inclusion of heavily disabled people through technology) and a coordinator of multiple projects at American Jewish Joint Distribution Committee.
At Nethone, Aleksander is responsible for business and product development, workflow management and ensuring comprehensive operational excellence at the company.